Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
全家返利管家 (Family Rebate Manager)
v0.1.0
A unified family rebate management tool: it aggregates the shopping rebate accounts of the whole family for unified tracking and unified withdrawal, helping the whole family save money.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The described capabilities (account aggregation, placing orders on relatives' behalf (代下单), and unified withdrawal to a family account) normally require direct access to external rebate platforms, user credentials, and payment/withdrawal mechanisms. Yet the skill declares no required environment variables, no config paths, and no install artifacts. That mismatch suggests the metadata is incomplete or that the skill is underspecified about how it will perform these sensitive operations.
Instruction Scope
SKILL.md is high-level and permissive (e.g., 'check rebates and place orders on behalf of parents' (帮爸妈代查返利、代下单), 'unified withdrawal' (统一提现)), but gives no concrete, constrained runtime steps or guardrails. It does not state how credentials are obtained, how consent is recorded, which external endpoints are used, or what data is stored or transmitted. This vagueness grants the agent broad discretion and would require access to sensitive account data if implemented — the instructions do not limit or justify that scope.
Install Mechanism
No install spec and no code files are present, so nothing is written to disk by default. That lowers immediate supply-chain risk. However, lack of implementation details increases uncertainty about how actual functionality would be achieved.
Credentials
The skill requests no environment variables or credentials despite describing actions that normally require them (platform logins, payment/withdrawal access). This absence is disproportionate: if real aggregation/withdrawal is intended, the skill should declare which credentials/tokens it needs and why, and minimize scopes. The omission is a red flag.
Persistence & Privilege
The skill is not marked always:true and has normal invocation flags. It does not request persistent system-wide privileges in the metadata. That said, runtime behavior (not specified) could still request credentials or perform actions if the agent is allowed to; metadata alone doesn't grant extra privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contains unicode control characters which the scanner flagged as a prompt-injection pattern. This is not expected for a straightforward feature description and could indicate an attempt to manipulate parsing or runtime behavior; treat the file contents with caution.
What to consider before installing
This skill's goals (aggregating family accounts, placing orders for relatives, and performing withdrawals) inherently require access to other services and sensitive credentials, but the SKILL.md and metadata omit how that will be done and what protections exist. Before installing or enabling it, ask the publisher for concrete answers:
1) Which external platforms are supported and what exact credentials/tokens are required?
2) How are credentials obtained, stored, and protected (encryption, retention, who can access them)?
3) Is there a backend server? Where is data stored and in which jurisdiction?
4) Will actions that move money (withdrawals) require explicit human confirmation and multi-factor auth?
5) Can the skill use limited-scope OAuth tokens instead of passwords?
6) Is there an audit log and consent records for each family member?
7) Can the publisher provide a privacy/security whitepaper or source code so reviewers can inspect it?
If the publisher cannot answer or provide verifiable code and a least-privilege authentication design, do not give this skill account passwords, payment credentials, or broad permissions — prefer manual workflows or trusted, reviewed integrations instead.
